Security is a never ending game, and the recent attack against Sony, as well as the Xbox Live and PSN platforms, has shown us that there's no such thing as 100% secure. The best we can do is make the attacks more difficult and improve event detection so that breaches can be closed down quickly.
If you thought using fingerprints increased your security, you're right, but only when used in addition to another authentication method. A single form of authentication is always worse than multiple forms, and a research group out of Germany has proven that by forging fingerprints using only pictures of a victim's fingers. The same group claimed that they were able to bypass Apple's fingerprint scanner with a similar method last year. Now the method will be shown to the world at the Chaos Communications Congress conference and streamed online for those interested in seeing the attack in action.
Regardless of how easy the attack is to perform, it's important to remember the difference between authentication and identification. We use biometrics for authentication, when in reality they should be used only to identify that you're who you say you are. In other words, since you can never change a biometric, they're better used as your username rather than your password. That said, this fingerprint method is more of a concern for high-security places that use fingerprint scanning for access, rather than individuals using the fingerprint scanner on their mobile phone.
As the old saying goes: As security increases, usability decreases.
8 Comments - Add comment